fix(security): update path-to-regexp to 6.3.0
#2316
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I don't think this PR introduces this issue: https://app.codacy.com/gh/mswjs/msw/pull-requests/2316 Maybe this is due to old version of pnmp in use in this legacy branch? |
kettanaito
changed the title
path-to-regexp to fix vulnerability
kettanaito
changed the title
path-to-regexp to fix vulnerability[email protected]
|
@evktalo, if you are referring to the CI, it hasn't run so that failure was about something else. I've triggered it right now, let's see how it goes. |
kettanaito
changed the title
[email protected]path-to-regexp to 6.3.0
Released: v1.3.5 🎉This has been released in v1.3.5! Make sure to always update to the latest version ( Predictable release automation by @ossjs/release. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reference: https://security.snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106
Background: We have a security alert from Snyk in the project I'm working on and it suggests upgrading to msw 2.0.0 to fix this issue. Looks like migrating is an unknown amount of work. Looks like the suggestion is to migrate from jest to vitest, and vitest is also something new for us (although interesting).
So I thought backporting this fix might be a nice and clean way to hopefully resolve this problem for us.